To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

OpenSSL (SSA:2005-286-01)

New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. Under certain conditions, an attacker acting as a "man in the middle" may force a client and server to fall back to the less-secure SSL 2.0 protocol.

Here are the details from the Slackware 10.2 ChangeLog:+--------------------------+patches/packages/openssl-0.9.7g-i486-2.tgz: Patched. Fixed a vulnerability that could, in rare circumstances, allow an attacker acting as a "man in the middle" to force a client and a server to negotiate the SSL 2.0 protocol (which is known to be weak) even if these parties both support SSL 3.0 or TLS 1.0. For more details, see:http://www.openssl.org/news/secadv_20051011.txthttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969 (* Security fix *)patches/packages/openssl-solibs-0.9.7g-i486-2.tgz: Patched. (* Security fix *)+--------------------------+